Twenty Year Anniversary
Showing 1 - 22 of 22 RSS Feed

CVE-2018-8897

Status Candidate

Overview

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Related Files

Microsoft Windows POP/MOV SS Local Privilege Elevation
Posted Jul 13, 2018
Authored by Nick Peterson, can1357, bwatters-r7, Nemanja Mulasmajic | Site metasploit.com

This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.

tags | exploit, remote, kernel, code execution
advisories | CVE-2018-8897
MD5 | b8b99ed8f1e3a142c6687c6ea9be2219
Debian Security Advisory 4201-1
Posted May 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, CVE-2018-8897
MD5 | 6a2925f0955d67772df80c9d7b10ff00
Red Hat Security Advisory 2018-1523-01
Posted May 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-1087, CVE-2018-1088, CVE-2018-1111, CVE-2018-8897
MD5 | 7a5512991eb1a7076173fd951d1ada6f
Kernel Live Patch Security Notice LSN-0038-1
Posted May 9, 2018
Authored by Benjamin M. Romer

On May 8, fixes for CVE-2018-1087 and CVE-2018-8897 were released in linux kernel version 4.4.0-124.148. These CVEs are both related to the way that the linux kernel handles certain interrupt and exception instructions. If an interrupt or exception instruction (INT3, SYSCALL, etc.) is immediately preceded by a MOV SS or POP SS instruction, the resulting interrupt will be incorrectly handled, possibly crashing the operating system. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT), and modification of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem.

tags | advisory, kernel
systems | linux
advisories | CVE-2018-1087, CVE-2018-8897
MD5 | 2fffde47d47abae2cb1a8834a15b901f
Debian Security Advisory 4196-1
Posted May 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-1087, CVE-2018-8897
MD5 | 9b8a4b9bc03f27c6ba86c8131ab8bebe
Red Hat Security Advisory 2018-1353-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1353-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
MD5 | c5241796c17478b1c3f18e21a6cd5e89
Ubuntu Security Notice USN-3641-2
Posted May 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3641-2 - USN-3641-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.10. This update provides the corresponding updates for Ubuntu 12.04 ESM. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service. This issue only affected the amd64 architecture. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
MD5 | beb0b11dd11ff49bab6ca72745d58a31
Red Hat Security Advisory 2018-1352-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1352-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
MD5 | 420724d0a36446144ef2fa7fa5c4e856
Ubuntu Security Notice USN-3641-1
Posted May 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3641-1 - Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service. This issue only affected the amd64 architecture. Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
MD5 | 3eb5f495f79959cc7295104509cb457e
Red Hat Security Advisory 2018-1354-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1354-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-8897
MD5 | 52c718fb1f7b7a74732070cc10566268
Red Hat Security Advisory 2018-1355-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1355-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-16939, CVE-2018-1000199, CVE-2018-1068, CVE-2018-1087, CVE-2018-8897
MD5 | 99cff38bb231b74e89ecf4c9b6525559
Red Hat Security Advisory 2018-1348-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1348-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
MD5 | 12d13af4d4cd7ee4e684823dbaf78607
Red Hat Security Advisory 2018-1351-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1351-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
MD5 | 63b4ba7248e7e043f5c6ac3065e8397b
Red Hat Security Advisory 2018-1350-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
MD5 | 3b3dce63e231d31b1571dc0149d1c0b9
Red Hat Security Advisory 2018-1349-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
MD5 | a4f66ad55956ec846623370a5cd816db
Red Hat Security Advisory 2018-1347-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1347-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
MD5 | ef48b17b34924bcee2a3beeac3e6786f
Red Hat Security Advisory 2018-1346-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1346-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
MD5 | 5916c90c2e9442bbe220128b069a22dc
Red Hat Security Advisory 2018-1345-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1345-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
MD5 | c54e30ee17999008942e92f3903a3cda
FreeBSD Security Advisory - FreeBSD-SA-18:06.debugreg
Posted May 8, 2018
Authored by Nick Peterson | Site security.freebsd.org

FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.

tags | advisory, kernel, local
systems | freebsd, bsd
advisories | CVE-2018-8897
MD5 | 05c71c8dc70ff40f5b7968260285a503
Red Hat Security Advisory 2018-1319-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1319-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-1000410, CVE-2017-13166, CVE-2017-18017, CVE-2017-7645, CVE-2017-8824, CVE-2018-8897
MD5 | 42ccdba2244f2e29052f626231d0a846
Red Hat Security Advisory 2018-1318-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1318-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-16939, CVE-2018-1000199, CVE-2018-1068, CVE-2018-1087, CVE-2018-1091, CVE-2018-8897
MD5 | 130728653b18fe85dd2fc263bb59e1c0
Apple Security Advisory 2018-05-08-1
Posted May 8, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-05-08-1 - This advisory provides additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001.

tags | advisory
systems | apple
advisories | CVE-2018-4187, CVE-2018-4206, CVE-2018-8897
MD5 | fa01713c8fbeae9adad8ba1c07c9be96
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close